@strands.gg/accui 2.17.66 → 2.19.1

package/dist/useStrandsAuth-BDTnh_c_.es.js

@@ -0,0 +1,702 @@
+import { computed as u, getCurrentInstance as he, onUnmounted as ge, ref as h } from "vue";
+import { u as ve } from "./useStrandsConfig-BGJg1LlC.es.js";
+class we {
+  cache = /* @__PURE__ */ new Map();
+  DEFAULT_TTL = 300 * 1e3;
+  // 5 minutes
+  /**
+   * Memoized fetch - prevents duplicate requests and caches results
+   */
+  async fetch(d, m, w = this.DEFAULT_TTL) {
+    const E = Date.now(), s = this.cache.get(d);
+    if (s && E - s.timestamp < s.ttl)
+      return s.promise;
+    this.cleanExpired();
+    const f = m().finally(() => {
+      setTimeout(() => {
+        this.cache.delete(d);
+      }, w);
+    });
+    return this.cache.set(d, {
+      promise: f,
+      timestamp: E,
+      ttl: w
+    }), f;
+  }
+  /**
+   * Clear all cached entries
+   */
+  clear() {
+    this.cache.clear();
+  }
+  /**
+   * Remove a specific cache entry
+   */
+  invalidate(d) {
+    this.cache.delete(d);
+  }
+  /**
+   * Clean expired cache entries
+   */
+  cleanExpired() {
+    const d = Date.now();
+    for (const [m, w] of this.cache.entries())
+      d - w.timestamp > w.ttl && this.cache.delete(m);
+  }
+  /**
+   * Get cache statistics (for debugging)
+   */
+  getStats() {
+    return {
+      size: this.cache.size,
+      entries: Array.from(this.cache.keys())
+    };
+  }
+}
+const y = new we();
+function me() {
+  return {
+    fetch: y.fetch.bind(y),
+    clear: y.clear.bind(y),
+    invalidate: y.invalidate.bind(y),
+    getStats: y.getStats.bind(y)
+  };
+}
+function ye(a, d) {
+  let m = null;
+  return (...w) => {
+    m && clearTimeout(m), m = setTimeout(() => {
+      a(...w);
+    }, d);
+  };
+}
+const C = ye((a, d) => {
+  typeof window < "u" && localStorage.setItem(a, d);
+}, 300), k = (a) => ({
+  id: a.id,
+  email: a.email,
+  firstName: a.first_name || a.firstName || "",
+  lastName: a.last_name || a.lastName || "",
+  avatar: a.avatar_url || a.avatar,
+  mfaEnabled: a.mfa_enabled ?? a.mfaEnabled ?? !1,
+  emailVerified: a.email_verified ?? a.emailVerified ?? !1,
+  passwordUpdatedAt: a.password_updated_at || a.passwordUpdatedAt,
+  settings: a.settings || {},
+  xp: a.xp || 0,
+  level: a.level || 1,
+  next_level_xp: a.next_level_xp || a.next_level_xp || 4,
+  username: a.username,
+  usernameLastChangedAt: a.username_last_changed_at || a.usernameLastChangedAt,
+  createdAt: a.created_at || a.createdAt,
+  updatedAt: a.updated_at || a.updatedAt || (/* @__PURE__ */ new Date()).toISOString()
+}), pe = () => {
+  if (typeof window > "u")
+    return {
+      currentUser: h(null),
+      currentSession: h(null),
+      loadingStates: h({
+        initializing: !0,
+        signingIn: !1,
+        signingUp: !1,
+        signingOut: !1,
+        refreshingToken: !1,
+        sendingMfaEmail: !1,
+        verifyingMfa: !1,
+        loadingProfile: !1
+      }),
+      isInitialized: h(!1),
+      mfaRequired: h(!1),
+      mfaSessionId: h(null),
+      availableMfaMethods: h([]),
+      promise: null,
+      refreshTimer: null,
+      refreshPromise: null
+    };
+  const a = window;
+  return a.__STRANDS_AUTH_STATE__ || (a.__STRANDS_AUTH_STATE__ = {
+    currentUser: h(null),
+    currentSession: h(null),
+    loadingStates: h({
+      initializing: !0,
+      signingIn: !1,
+      signingUp: !1,
+      signingOut: !1,
+      refreshingToken: !1,
+      sendingMfaEmail: !1,
+      verifyingMfa: !1,
+      loadingProfile: !1
+    }),
+    isInitialized: h(!1),
+    mfaRequired: h(!1),
+    mfaSessionId: h(null),
+    availableMfaMethods: h([]),
+    promise: null,
+    refreshTimer: null,
+    refreshPromise: null
+  }), a.__STRANDS_AUTH_STATE__;
+}, c = pe();
+function _e() {
+  const { getUrl: a, config: d } = ve(), { fetch: m, clear: w, invalidate: E } = me(), { currentUser: s, currentSession: f, loadingStates: i, isInitialized: p, mfaRequired: T, mfaSessionId: g, availableMfaMethods: S } = c, I = () => {
+    if (s.value = null, f.value = null, T.value = !1, g.value = null, S.value = [], A(), c.refreshPromise = null, w(), typeof window < "u" && d.value?.onSignOutUrl) {
+      const t = window.location.pathname + window.location.search, e = d.value.onSignOutUrl;
+      t !== e && (window.location.href = e);
+    }
+  }, j = u(() => i.value.initializing), N = u(() => i.value.signingIn), F = u(() => i.value.signingUp), R = u(() => i.value.signingOut), z = u(() => i.value.refreshingToken), J = u(() => i.value.sendingMfaEmail), U = u(() => i.value.verifyingMfa);
+  u(() => i.value.loadingProfile);
+  const D = u(
+    () => i.value.signingIn || i.value.signingUp || i.value.signingOut || i.value.refreshingToken || i.value.sendingMfaEmail || i.value.verifyingMfa || i.value.loadingProfile
+  ), L = u(() => i.value.initializing || D.value), q = u(() => {
+    const t = i.value;
+    return t.initializing ? "Checking authentication..." : t.signingIn ? "Signing you in..." : t.signingUp ? "Creating your account..." : t.signingOut ? "Signing you out..." : t.refreshingToken ? "Refreshing session..." : t.sendingMfaEmail ? "Sending verification code..." : t.verifyingMfa ? "Verifying code..." : t.loadingProfile ? "Loading profile..." : "Loading...";
+  }), H = () => ({
+    "Content-Type": "application/json"
+  }), V = async () => {
+    try {
+      const t = await fetch(a("authStatus"), {
+        method: "GET",
+        credentials: "include"
+      });
+      if (!t.ok)
+        return !1;
+      const e = await t.json();
+      if (e.authenticated && e.user) {
+        s.value = k(e.user);
+        const n = e.expires_at ? new Date(e.expires_at * 1e3) : new Date(Date.now() + 300 * 1e3);
+        return f.value = {
+          accessToken: "",
+          // Token is in HttpOnly cookie
+          refreshToken: "",
+          // Token is in HttpOnly cookie
+          expiresAt: n,
+          userId: e.user.id
+        }, !0;
+      }
+      return !1;
+    } catch {
+      return !1;
+    }
+  }, G = async (t, e, n) => {
+    const r = await fetch(a("mfaHardwareCompleteRegistration"), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        device_id: t,
+        credential: e
+      })
+    });
+    if (!r.ok) {
+      const l = await r.text();
+      let o = "Failed to complete hardware key registration";
+      try {
+        const v = JSON.parse(l);
+        o = v.message || v.error || l;
+      } catch {
+        o = l || "Failed to complete hardware key registration";
+      }
+      throw new Error(o);
+    }
+    return r.json();
+  }, K = async (t, e, n = "hardware") => {
+    const r = await fetch(a("mfaHardwareStartRegistration"), {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        device_name: t,
+        device_type: n
+      })
+    });
+    if (!r.ok) {
+      const l = await r.text();
+      let o = "Failed to start hardware key registration";
+      try {
+        const v = JSON.parse(l);
+        o = v.message || v.error || l;
+      } catch {
+        o = l || "Failed to start hardware key registration";
+      }
+      throw new Error(o);
+    }
+    return r.json();
+  }, W = u(() => s.value !== null), B = async (t) => {
+    i.value.signingIn = !0;
+    try {
+      T.value = !1, g.value = null, S.value = [];
+      const e = {
+        "Content-Type": "application/json"
+      };
+      typeof window < "u" && window.location && (e.Origin = window.location.origin);
+      const n = await fetch(a("signIn"), {
+        method: "POST",
+        headers: e,
+        credentials: "include",
+        // Include cookies for auth
+        body: JSON.stringify(t)
+      });
+      if (!n.ok)
+        throw n.status === 401 ? new Error("Invalid email or password") : n.status === 403 ? new Error("Please verify your email address before signing in") : new Error(`Sign in failed: ${n.status} ${n.statusText}`);
+      const r = await n.json();
+      if (r.mfa_required) {
+        T.value = !0, g.value = r.mfa_session_id || null;
+        const l = (r.available_mfa_methods || []).map((o) => {
+          let v = `${o.device_type.charAt(0).toUpperCase() + o.device_type.slice(1)} Authentication`;
+          return o.device_type === "hardware" ? v = o.device_name || "Security Key" : o.device_type === "totp" ? v = o.device_name || "Authenticator App" : o.device_type === "email" && (v = o.device_name || "Email Verification"), {
+            id: o.device_id,
+            device_type: o.device_type,
+            device_name: o.device_name || v,
+            is_active: !0,
+            created_at: (/* @__PURE__ */ new Date()).toISOString(),
+            last_used_at: o.last_used_at,
+            // Pass through additional metadata if available
+            credential_id: o.credential_id,
+            device_info: o.device_info
+          };
+        });
+        return S.value = l, i.value.signingIn = !1, r;
+      }
+      return await P(r), r;
+    } catch (e) {
+      throw e;
+    } finally {
+      i.value.signingIn = !1;
+    }
+  }, Y = async (t) => {
+    i.value.signingUp = !0;
+    try {
+      throw new Error("Sign up not implemented - please integrate with auth SDK");
+    } finally {
+      i.value.signingUp = !1;
+    }
+  }, Q = async () => {
+    i.value.signingOut = !0;
+    try {
+      await fetch(a("signOut"), {
+        method: "POST",
+        credentials: "include"
+        // Cookies will be cleared by server response
+      }), A(), c.refreshPromise = null, w(), s.value = null, f.value = null, T.value = !1, g.value = null, S.value = [], typeof window < "u" && d.value?.onSignOutUrl && (window.location.href = d.value.onSignOutUrl);
+    } finally {
+      i.value.signingOut = !1;
+    }
+  }, O = async () => {
+    if (c.refreshPromise)
+      return await c.refreshPromise;
+    c.refreshPromise = (async () => {
+      i.value.refreshingToken = !0;
+      try {
+        const e = await fetch(a("refresh"), {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          credentials: "include"
+          // Refresh token sent via cookie
+        });
+        if (!e.ok) {
+          if (e.status === 401)
+            return I(), !1;
+          throw new Error(`Token refresh failed: ${e.status} ${e.statusText}`);
+        }
+        const n = await e.json();
+        n.user && (s.value = k(n.user));
+        const r = {
+          accessToken: "",
+          // Token is in HttpOnly cookie
+          refreshToken: "",
+          // Token is in HttpOnly cookie
+          expiresAt: new Date(Date.now() + 300 * 1e3),
+          // 5 minutes from now
+          userId: n.user?.id || s.value?.id
+        };
+        return f.value = r, _(), E(`sessions:${s.value?.id || "unknown"}`), !0;
+      } catch {
+        return I(), !1;
+      } finally {
+        i.value.refreshingToken = !1;
+      }
+    })();
+    const t = await c.refreshPromise;
+    return c.refreshPromise = null, t;
+  }, X = async () => {
+    const t = `profile:${f.value.accessToken.slice(0, 20)}`;
+    i.value.loadingProfile = !0;
+    try {
+      return await m(t, async () => {
+        const e = await fetch(a("profile"), {
+          method: "GET",
+          headers: {
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${f.value?.accessToken}`
+          }
+        });
+        if (!e.ok)
+          throw e.status === 401 ? new Error("Authentication expired. Please sign in again.") : new Error(`Failed to fetch profile: ${e.status} ${e.statusText}`);
+        const n = await e.json();
+        return s.value = k(n), s.value && typeof window < "u" && localStorage.setItem("strands_auth_user", JSON.stringify(s.value)), s.value;
+      });
+    } finally {
+      i.value.loadingProfile = !1;
+    }
+  }, Z = async (t) => {
+    i.value.loadingProfile = !0;
+    try {
+      const e = await fetch(a("profile"), {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${f.value.accessToken}`
+        },
+        body: JSON.stringify({
+          first_name: t.firstName,
+          last_name: t.lastName
+        })
+      });
+      if (!e.ok)
+        throw e.status === 401 ? new Error("Authentication expired. Please sign in again.") : new Error(`Profile update failed: ${e.status} ${e.statusText}`);
+      const n = await e.json();
+      return s.value = k(n), s.value && C("strands_auth_user", JSON.stringify(s.value)), s.value;
+    } finally {
+      i.value.loadingProfile = !1;
+    }
+  }, ee = async (t) => {
+    i.value.loadingProfile = !0;
+    try {
+      const e = await fetch(a("settings"), {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${f.value.accessToken}`
+        },
+        body: JSON.stringify({
+          settings: t
+        })
+      });
+      if (!e.ok)
+        throw e.status === 401 ? new Error("Authentication expired. Please sign in again.") : new Error(`Settings update failed: ${e.status} ${e.statusText}`);
+      const n = await e.json();
+      return s.value = k(n), s.value && C("strands_auth_user", JSON.stringify(s.value)), s.value;
+    } finally {
+      i.value.loadingProfile = !1;
+    }
+  }, te = async (t, e) => {
+    i.value.loadingProfile = !0;
+    try {
+      const n = await fetch(a("changeEmail"), {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${f.value.accessToken}`
+        },
+        body: JSON.stringify({
+          new_email: t,
+          password: e
+        })
+      });
+      if (!n.ok) {
+        if (n.status === 401)
+          throw new Error("Authentication expired. Please sign in again.");
+        {
+          const l = await n.json().catch(() => ({}));
+          throw new Error(l.message || `Email change failed: ${n.status} ${n.statusText}`);
+        }
+      }
+      const r = await n.json();
+      return s.value && (s.value = {
+        ...s.value,
+        email: t,
+        emailVerified: !1,
+        // Email needs to be verified again
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }, typeof window < "u" && localStorage.setItem("strands_auth_user", JSON.stringify(s.value))), r;
+    } finally {
+      i.value.loadingProfile = !1;
+    }
+  }, ae = async (t, e, n = !1) => {
+    if (!g.value)
+      throw new Error("No MFA session available");
+    i.value.verifyingMfa = !0;
+    try {
+      const r = a(n ? "mfaBackupCodeVerify" : "mfaSigninVerify"), l = n ? { mfa_session_id: g.value, backup_code: e } : { mfa_session_id: g.value, device_id: t, code: e }, o = await fetch(r, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        credentials: "include",
+        body: JSON.stringify(l)
+      });
+      if (!o.ok) {
+        const b = await o.text();
+        let M = "MFA verification failed";
+        try {
+          const $ = JSON.parse(b);
+          M = $.message || $.error || b;
+        } catch {
+          M = b || "MFA verification failed";
+        }
+        throw new Error(M);
+      }
+      const v = await o.json();
+      return T.value = !1, g.value = null, S.value = [], await P(v), v;
+    } finally {
+      i.value.verifyingMfa = !1;
+    }
+  }, ne = async (t) => {
+    if (!g.value)
+      throw new Error("No MFA session available");
+    i.value.sendingMfaEmail = !0;
+    try {
+      const e = await fetch(a("mfaSigninSendEmail"), {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        credentials: "include",
+        body: JSON.stringify({
+          mfa_session_id: g.value,
+          device_id: t
+        })
+      });
+      if (!e.ok) {
+        const r = await e.text();
+        let l = "Failed to send MFA email code";
+        try {
+          const o = JSON.parse(r);
+          l = o.message || o.error || r;
+        } catch {
+          l = r || "Failed to send MFA email code";
+        }
+        throw new Error(l);
+      }
+      return await e.json();
+    } finally {
+      i.value.sendingMfaEmail = !1;
+    }
+  }, ie = async (t) => {
+    if (!g.value)
+      throw new Error("No MFA session available");
+    const e = await fetch(a("mfaWebAuthnChallenge"), {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      credentials: "include",
+      body: JSON.stringify({
+        mfa_session_id: g.value,
+        device_id: t
+      })
+    });
+    if (!e.ok) {
+      const n = await e.text();
+      let r = "Failed to get WebAuthn challenge";
+      try {
+        const l = JSON.parse(n);
+        r = l.message || l.error || n;
+      } catch {
+        r = n || r;
+      }
+      throw new Error(r);
+    }
+    return e.json();
+  }, P = async (t) => {
+    try {
+      t.user && (s.value = k(t.user));
+      const e = {
+        accessToken: "",
+        // Token is in HttpOnly cookie
+        refreshToken: "",
+        // Token is in HttpOnly cookie
+        expiresAt: new Date(Date.now() + 300 * 1e3),
+        // 5 minutes from now (matching API token expiry)
+        userId: s.value?.id || t.user?.id
+      };
+      f.value = e, _();
+    } catch {
+    }
+  }, _ = () => {
+    if (c.refreshTimer && clearTimeout(c.refreshTimer), !f.value || typeof document < "u" && document.visibilityState === "hidden")
+      return;
+    const t = /* @__PURE__ */ new Date(), n = f.value.expiresAt.getTime() - t.getTime() - 60 * 1e3;
+    if (n <= 0) {
+      O();
+      return;
+    }
+    c.refreshTimer = setTimeout(async () => {
+      (typeof document > "u" || document.visibilityState === "visible") && await O() && _();
+    }, n);
+  }, A = () => {
+    c.refreshTimer && (clearTimeout(c.refreshTimer), c.refreshTimer = null);
+  }, x = async () => {
+    if (p.value) {
+      i.value.initializing = !1;
+      return;
+    }
+    if (c.promise) {
+      await c.promise;
+      return;
+    }
+    i.value.initializing = !0;
+    const t = async () => {
+      try {
+        typeof window < "u" && (await Promise.race([
+          V(),
+          new Promise((r) => setTimeout(() => r(!1), 5e3))
+        ]) ? _() : (s.value = null, f.value = null)), p.value = !0, await new Promise((e) => setTimeout(e, 50));
+      } catch {
+      } finally {
+        i.value.initializing = !1, c.promise = null;
+      }
+    };
+    return c.promise = t(), c.promise;
+  }, se = async (t) => {
+    i.value.loadingProfile = !0;
+    try {
+      const e = await fetch(a("changeUsername"), {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        credentials: "include",
+        body: JSON.stringify({
+          username: t
+        })
+      });
+      if (!e.ok) {
+        const r = await e.json().catch(() => ({}));
+        throw e.status === 409 ? new Error("Username is already taken") : r.cooldown_end ? new Error(`You can only change your username once every 30 days. You can change it again on ${new Date(r.cooldown_end).toLocaleDateString()}`) : new Error(r.message || `Username change failed: ${e.status} ${e.statusText}`);
+      }
+      const n = await e.json();
+      return s.value && (s.value = {
+        ...s.value,
+        username: t,
+        usernameLastChangedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+      }), n;
+    } finally {
+      i.value.loadingProfile = !1;
+    }
+  }, re = async () => {
+    const t = await fetch(a("usernameCooldown"), {
+      method: "GET",
+      credentials: "include"
+    });
+    if (!t.ok)
+      throw new Error(`Failed to get username cooldown: ${t.status} ${t.statusText}`);
+    return t.json();
+  }, oe = async (t) => {
+    const e = a("checkUsernameAvailability").replace("{username}", encodeURIComponent(t)), n = await fetch(e, {
+      method: "GET",
+      headers: {
+        "Content-Type": "application/json"
+      }
+    });
+    if (!n.ok)
+      throw new Error(`Failed to check username availability: ${n.status} ${n.statusText}`);
+    return n.json();
+  }, le = async () => {
+    const t = `sessions:${s.value?.id || "no-user"}`;
+    try {
+      return await m(t, async () => {
+        const e = await fetch(a("sessions"), {
+          method: "GET",
+          credentials: "include"
+        });
+        if (!e.ok)
+          throw await e.text(), new Error(`Failed to get user sessions: ${e.status} ${e.statusText}`);
+        return e.json();
+      }, 120 * 1e3);
+    } catch (e) {
+      throw e;
+    }
+  }, ue = async () => {
+    const t = await fetch(a("sessionsStats"), {
+      method: "GET",
+      credentials: "include"
+    });
+    if (!t.ok)
+      throw new Error(`Failed to get session stats: ${t.status} ${t.statusText}`);
+    return t.json();
+  }, ce = async (t) => {
+    const e = a("sessionRevoke").replace("{session_id}", encodeURIComponent(t)), n = await fetch(e, {
+      method: "POST",
+      credentials: "include"
+    });
+    if (!n.ok)
+      throw new Error(`Failed to revoke session: ${n.status} ${n.statusText}`);
+    return n.status === 200;
+  }, fe = async () => {
+    const t = await fetch(a("sessionsRevokeAll"), {
+      method: "POST",
+      credentials: "include"
+    });
+    if (!t.ok)
+      throw new Error(`Failed to revoke all other sessions: ${t.status} ${t.statusText}`);
+    return t.status === 200;
+  };
+  typeof document < "u" && document.addEventListener("visibilitychange", () => {
+    document.visibilityState === "visible" && f.value ? _() : document.visibilityState === "hidden" && A();
+  });
+  const de = () => {
+    A(), w();
+  };
+  try {
+    he() && ge(de);
+  } catch {
+  }
+  return p.value || x(), {
+    // State
+    user: u(() => s.value),
+    currentUser: u(() => s.value),
+    currentSession: u(() => f.value),
+    isAuthenticated: W,
+    isLoading: u(() => L.value || !p.value),
+    loading: D,
+    loadingMessage: q,
+    // Specific loading states
+    isInitializing: j,
+    isInitialized: u(() => p.value),
+    isSigningIn: N,
+    isSigningUp: F,
+    isSigningOut: R,
+    isRefreshingToken: z,
+    isSendingMfaEmail: J,
+    isVerifyingMfa: U,
+    // MFA State
+    mfaRequired: u(() => T.value),
+    mfaSessionId: u(() => g.value),
+    availableMfaMethods: u(() => S.value),
+    // Methods
+    signIn: B,
+    signUp: Y,
+    signOut: Q,
+    refreshToken: O,
+    fetchProfile: X,
+    updateProfile: Z,
+    updateUserSettings: ee,
+    changeEmail: te,
+    changeUsername: se,
+    getUsernameCooldown: re,
+    checkUsernameAvailability: oe,
+    // Session management
+    getUserSessions: le,
+    getSessionStats: ue,
+    revokeSession: ce,
+    revokeAllOtherSessions: fe,
+    initialize: x,
+    setAuthData: P,
+    verifyMfa: ae,
+    sendMfaEmailCode: ne,
+    getMfaWebAuthnChallenge: ie,
+    registerHardwareKey: K,
+    completeHardwareKeyRegistration: G,
+    // Token management
+    startTokenRefreshTimer: _,
+    stopTokenRefreshTimer: A,
+    getAuthHeaders: H,
+    // Force re-initialization (useful for testing or navigation)
+    forceReInit: () => {
+      p.value = !1, i.value.initializing = !0, x();
+    }
+  };
+}
+export {
+  _e as u
+};